Description
A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions < V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions < V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2), SINEC NMS (All versions < V3.0 SP1). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.
CVSS breakdown
Affected products
- Siemens / Security Configuration Tool (SCT)0 – *
- Siemens / SIMATIC Automation Tool0 – V5.0 SP2
- Siemens / SIMATIC BATCH V9.10 – V9.1 SP2 Upd5
- Siemens / SIMATIC NET PC Software V160 – V16 Update 8
- Siemens / SIMATIC NET PC Software V170 – *
- Siemens / SIMATIC NET PC Software V180 – V18 SP1
- Siemens / SIMATIC NET PC Software V190 – V19 Update 2
- Siemens / SIMATIC PCS 7 V9.10 – V9.1 SP2 UC05
- Siemens / SIMATIC PDM V9.20 – V9.2 SP2 Upd3
- Siemens / SIMATIC Route Control V9.10 – V9.1 SP2 Upd3
- Siemens / SIMATIC S7-PCT0 – V3.5 SP3 Update 6
- Siemens / SIMATIC STEP 7 V50 – V5.7 SP3
- Siemens / SIMATIC WinCC OA V3.170 – *
- Siemens / SIMATIC WinCC OA V3.180 – V3.18 P025
- Siemens / SIMATIC WinCC OA V3.190 – V3.19 P010
- Siemens / SIMATIC WinCC Runtime Advanced0 – V17 Update 8
- Siemens / SIMATIC WinCC Runtime Professional V160 – V16 Update 6
- Siemens / SIMATIC WinCC Runtime Professional V170 – V17 Update 8
- Siemens / SIMATIC WinCC Runtime Professional V180 – V18 Update 4
- Siemens / SIMATIC WinCC Runtime Professional V190 – V19 Update 2
- Siemens / SIMATIC WinCC V7.40 – *
- Siemens / SIMATIC WinCC V7.50 – V7.5 SP2 Update 17
- Siemens / SIMATIC WinCC V8.00 – V8.0 Update 5
- Siemens / SINAMICS Startdrive0 – V19 SP1
- Siemens / SINEC NMS0 – V3.0 SP1
- Siemens / SINEC NMS0 – V3.0
- Siemens / SINUMERIK ONE virtual0 – V6.23
- Siemens / SINUMERIK PLC Programming Tool0 – V3.3.12
- Siemens / TIA Portal Cloud Connector0 – V2.0
- Siemens / Totally Integrated Automation Portal (TIA Portal) V15.10 – *
- Siemens / Totally Integrated Automation Portal (TIA Portal) V160 – *
- Siemens / Totally Integrated Automation Portal (TIA Portal) V170 – V17 Update 8
- Siemens / Totally Integrated Automation Portal (TIA Portal) V180 – V18 Update 4
- Siemens / Totally Integrated Automation Portal (TIA Portal) V190 – V19 Update 2